Description
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Published: 2026-05-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use-after-free (CWE-416) in Microsoft Office; the advisory title attributes it to the Click-To-Run component. An attacker who already holds a low-privileged local account (PR:L) can trigger the flaw without any user interaction and run code at a higher privilege level, with high confidentiality, integrity and availability impact on the host. CWE-416 denotes use of memory after it has been freed: a dangling reference is dereferenced after the allocation is released, which an attacker can turn into control over the reused memory.

Affected Systems

Microsoft 365 Apps for enterprise, Microsoft Office 2019, Microsoft Office LTSC 2021 and Microsoft Office LTSC 2024 are affected, on both x86 and x64 (the NVD CPE entries list both platforms). The CPE entries carry no version bounds, so every current build of these product lines should be treated as vulnerable until Microsoft's update is applied.

Risk and Exploitability

The CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) rates severity, not likelihood: a local attacker with low privileges and no user interaction obtains high confidentiality, integrity and availability impact. The likelihood indicators point the other way: the EPSS score is below 1%, the SSVC assessment records Exploitation "none" and Automatable "no", and the CVE is not in the CISA KEV catalog. The temporal metrics E:U/RL:O/RC:C (exploit unproven, official fix available, report confirmed) bring the temporal score down to 6.8 and indicate that Microsoft's update is the remediation; applying the current Office update mitigates the risk.

Generated by OpenCVE AI on June 1, 2026 at 20:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft Office update that addresses CVE-2026-40418 through the normal Click-To-Run update channel (or the Office Deployment Tool for managed builds) on every Microsoft 365 Apps for enterprise, Office 2019, Office LTSC 2021 and Office LTSC 2024 installation, x86 and x64 alike.
  • Until the update is deployed, reduce who can reach the flaw: it needs an existing low-privileged local account (PR:L), so limit interactive and remote desktop logon on hosts carrying these Office builds to the users who need them, and patch shared workstations and terminal servers first.
  • Do not plan on switching installer technology: Office 2019 and later and Microsoft 365 Apps ship only as Click-To-Run, and the CPE list covers every listed product line, so there is no alternative deployment mode that avoids the affected component.
  • Track the Microsoft Security Response Center advisory for the fixed build numbers and verify the installed build on each host against them after deployment.
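
A triage check for the inventory step above, as an added example (not OpenCVE's or Microsoft's code). Each host record mimics the values Office writes under HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration (ProductReleaseIds, VersionToReport, Platform); the hostnames and build numbers are constructed, the mapping from Click-To-Run release IDs to the advisory's product lines is an assumption covering suite SKUs only, and the fixed build passed in at the end is a placeholder because the page gives none.

```python
"""Triage of Click-To-Run hosts against the product lines this advisory lists.

Added example, not OpenCVE's or Microsoft's code. Each host record mimics the
values Office writes under HKLM\\SOFTWARE\\Microsoft\\Office\\ClickToRun\\
Configuration (ProductReleaseIds, VersionToReport, Platform); the hosts and
their build numbers are constructed. The advisory gives no fixed build, so
fixed_builds defaults to None and such hosts are reported as still needing
the update rather than silently passed.
"""
import re

# Click-To-Run release IDs for the suites named by the advisory's CPE entries
# (assumed mapping; suite IDs only. Visio, Project and Standard SKUs are not
# listed and would need adding from the Office Deployment Tool product ID list.)
PRODUCT_LINES = {
    "O365ProPlusRetail": "Microsoft 365 Apps for enterprise",
    "ProPlus2019Volume": "Office 2019",
    "ProPlus2021Volume": "Office LTSC 2021",
    "ProPlus2024Volume": "Office LTSC 2024",
}

# Constructed inventory: hostnames and builds are made up for the example
HOSTS = [
    {"name": "ws01", "ClickToRun": {"ProductReleaseIds": "O365ProPlusRetail,VisioProRetail",
                                    "VersionToReport": "16.0.18827.20140", "Platform": "x64"}},
    {"name": "ws02", "ClickToRun": {"ProductReleaseIds": "ProPlus2021Volume",
                                    "VersionToReport": "16.0.14332.20800", "Platform": "x86"}},
    {"name": "ws03", "ClickToRun": {"ProductReleaseIds": "O365BusinessRetail",
                                    "VersionToReport": "16.0.18827.20140", "Platform": "x64"}},
    {"name": "srv01", "ClickToRun": None},
]


def parse_build(version):
    """'16.0.18827.20140' -> (16, 0, 18827, 20140), comparable as a tuple."""
    if not re.fullmatch(r"\d+(\.\d+){3}", version):
        raise ValueError(f"unexpected VersionToReport: {version!r}")
    return tuple(int(part) for part in version.split("."))


def classify_host(host, fixed_builds=None):
    """Return (product_line, status) for one host.

    status is one of: no-click-to-run, not-in-advisory-cpe-list,
    affected-no-fixed-build-known, affected-unpatched, patched.
    """
    cfg = host.get("ClickToRun")
    if not cfg:
        return None, "no-click-to-run"
    # ProductReleaseIds is comma separated when several products share the install
    ids = [i.strip() for i in cfg["ProductReleaseIds"].split(",")]
    lines = sorted({PRODUCT_LINES[i] for i in ids if i in PRODUCT_LINES})
    if not lines:
        # Not named by the advisory's CPEs: "unlisted", which is not "safe"
        return None, "not-in-advisory-cpe-list"
    line = lines[0]
    fixed = (fixed_builds or {}).get(line)
    if fixed is None:
        return line, "affected-no-fixed-build-known"
    if parse_build(cfg["VersionToReport"]) >= parse_build(fixed):
        return line, "patched"
    return line, "affected-unpatched"


def triage(hosts, fixed_builds=None):
    """Hosts that still need the update, as (name, product line, status)."""
    report = []
    for host in hosts:
        line, status = classify_host(host, fixed_builds)
        if status.startswith("affected"):
            report.append((host["name"], line, status))
    return report


if __name__ == "__main__":
    # Placeholder value: replace with the fixed build from the Microsoft advisory
    FIXED_BUILDS = {"Microsoft 365 Apps for enterprise": "16.0.18827.20150"}
    for row in triage(HOSTS, FIXED_BUILDS):
        print(*row)
```

Hosts whose ProductReleaseIds fall outside the mapping (ws03 above, a Microsoft 365 Apps for business SKU) come back as not-in-advisory-cpe-list; treat that as a gap in the CPE data to check against the vendor advisory, not as a clean result.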



Advisories

No advisories yet.

History

Mon, 01 Jun 2026 19:00:00 +0000

Description
  removed: Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
  added:   Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Tue, 19 May 2026 18:15:00 +0000

First Time appeared
  added: Microsoft office
         Microsoft office Long Term Servicing Channel
CPEs
  added: cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
         cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*
         cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*
         cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*
         cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*
         cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*
         cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*
         cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*
Vendors & Products
  added: Microsoft office
         Microsoft office Long Term Servicing Channel

Wed, 13 May 2026 10:15:00 +0000

Metrics
  added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 May 2026 17:30:00 +0000

Description
  added: Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Title
  added: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
First Time appeared
  added: Microsoft
         Microsoft 365 Apps
         Microsoft office 2019
         Microsoft office 2021
         Microsoft office 2024
Weaknesses
  added: CWE-416
CPEs
  added: cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*
         cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*
         cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*
         cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*
Vendors & Products
  added: Microsoft
         Microsoft 365 Apps
         Microsoft office 2019
         Microsoft office 2021
         Microsoft office 2024
References
Metrics
  added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-02T23:17:17.583Z

Reserved: 2026-04-13T00:27:50.799Z

Link: CVE-2026-40418

Vulnrichment

Updated: 2026-05-13T09:58:24.663Z

NVD

Status : Modified

Published: 2026-05-12T18:17:19.940

Modified: 2026-06-01T19:16:39.060

Link: CVE-2026-40418

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T21:00:15Z

Weaknesses